Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3008


Vulnerability Score 5.0 5.0
CVE Id CVE-2011-3008
Last Modified 08 Aug 2011 12:00:00
Published 05 Aug 2011 05:55:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.

Vulnerable Systems


  • Avaya Secure Access Link Gateway 1.5

  • Avaya Secure Access Link Gateway 1.8

  • Avaya Secure Access Link Gateway 2.0


CERT-VN - VU#690315

XF - avaya-sal-info-disclosure(68922)

BID - 48942


Last Updated: 27 May 2016 10:57:14